Verifying multiple detached cleartext sig's

[Werner Koch]

"Todd L. Brooks" <todd.brooks@yale.edu> writes:

> Let's say you have a file which needs to be signed by multiple people. One
> thing to do is have each person create an individual detached cleartext
> signature, and then put all of them into one signature file.
> 
> * In pgp6.5.1 if you verify such a file it will automatically verify all
>   of these signatures.

I have not analyzed this yet.  The reason may be that PGP5 does not
use the one-pass signature packets but gpg creates a faked one in
front of the cleartext and then later may not be aware, that you have
more than one signature.  Not to be fixed in 1.0.0 but I give it a bug
number.


-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013